Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XWhp1GvC5fxFyLnrco_8cDcFyLE.roa
File: XWhp1GvC5fxFyLnrco_8cDcFyLE.roa (raw, json)
Hash identifier: gzVBEd4kR7mJAaj5QIXJj10/5Wt0+g+LffN+im1FEo0=
Subject key identifier: 5D:68:69:D4:6B:C2:E5:FC:45:C8:B9:EB:72:8F:FC:70:37:05:C8:B1
Certificate issuer: /CN=5c1dd6ec4a2e1f376c855c58312195a005cdb850
Certificate serial: 01856BAEBD837062C18155CE1A39E0ACE697
Authority key identifier: 5C:1D:D6:EC:4A:2E:1F:37:6C:85:5C:58:31:21:95:A0:05:CD:B8:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XWhp1GvC5fxFyLnrco_8cDcFyLE.roa
Signing time: Sun 01 Jan 2023 04:54:51 +0000
ROA not before: Sun 01 Jan 2023 04:54:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43709
IP address blocks: 78.157.176.0/21 maxlen: 21
78.157.176.0/20 maxlen: 20
78.157.184.0/21 maxlen: 21
78.157.160.0/19 maxlen: 19
78.157.160.0/20 maxlen: 20
78.157.160.0/21 maxlen: 21
78.157.168.0/21 maxlen: 21
2a02:d8a0:c000::/34 maxlen: 34
2a02:d8a0:8000::/34 maxlen: 34
2a02:d8a0:4000::/34 maxlen: 34
2a02:d8a0::/34 maxlen: 34
2a02:d8a0::/32 maxlen: 32
2a02:d8a0:8000::/33 maxlen: 33
2a02:d8a0::/33 maxlen: 33
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ae:bd:83:70:62:c1:81:55:ce:1a:39:e0:ac:e6:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5c1dd6ec4a2e1f376c855c58312195a005cdb850
Validity
Not Before: Jan 1 04:54:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d6869d46bc2e5fc45c8b9eb728ffc703705c8b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:9a:ce:b2:b0:de:c3:e7:86:c9:eb:4c:0a:29:
94:01:89:08:cb:3e:56:c2:44:9c:bf:4f:f8:d1:fd:
4c:98:70:b5:40:66:b1:e7:33:4c:f3:c9:a6:52:9f:
5e:d5:5b:87:cc:e7:8a:5d:2a:0d:d1:e2:ce:c0:c7:
3a:8c:37:33:8f:77:e3:81:72:8b:0a:f5:46:2f:3c:
00:62:9d:5a:5d:f4:35:38:9f:8d:cc:52:d7:59:36:
cc:e5:14:9a:b0:cb:00:bf:93:e1:d8:04:05:bd:e5:
10:ab:41:9c:e7:0d:08:8e:63:46:63:5d:66:c7:60:
da:28:58:0f:77:8f:b2:5b:8c:26:cb:fd:00:6f:fb:
02:e2:a0:8d:d7:90:a0:8c:5d:d9:b5:60:02:c3:7b:
90:26:d3:e8:36:ab:4e:36:3e:21:fa:50:7a:08:eb:
14:6e:7a:dd:a0:c1:60:13:7e:77:df:a6:4d:53:96:
1d:e0:0e:b7:2c:dd:fc:52:e1:92:95:4f:00:c0:d1:
9d:68:f4:11:74:3b:41:1e:83:fd:46:8d:cf:55:f6:
0f:78:b9:0a:79:44:71:9d:b9:36:30:96:e4:fa:19:
a3:86:6f:d1:d2:86:1e:2e:bd:ba:44:ae:a1:f8:25:
ce:4e:45:08:27:d3:0f:a2:7b:9b:79:3b:c2:5a:fb:
5a:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:68:69:D4:6B:C2:E5:FC:45:C8:B9:EB:72:8F:FC:70:37:05:C8:B1
X509v3 Authority Key Identifier:
keyid:5C:1D:D6:EC:4A:2E:1F:37:6C:85:5C:58:31:21:95:A0:05:CD:B8:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XWhp1GvC5fxFyLnrco_8cDcFyLE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XB3W7EouHzdshVxYMSGVoAXNuFA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.157.160.0/19
IPv6:
2a02:d8a0::/32
Signature Algorithm: sha256WithRSAEncryption
6c:d9:6f:6c:5c:b2:22:f7:c3:f0:7b:38:6f:c1:ed:41:6d:c6:
d6:9d:7d:ed:5c:cf:e0:63:3d:df:41:61:28:a2:48:c9:c1:51:
7c:05:09:0f:41:df:bc:45:fc:b8:4d:1f:e8:6a:53:f5:15:6c:
ae:a7:d5:0b:f9:0d:0c:34:28:f0:a9:e8:71:15:e8:ca:5e:8a:
16:00:55:59:27:3d:4e:6d:bd:5e:e1:1f:b0:24:c3:1e:ae:91:
12:e3:60:dc:4b:81:2b:b8:f3:5d:2a:68:71:3c:27:b5:15:cf:
38:fd:d1:cb:3f:f7:00:bf:c6:80:08:62:9f:e7:08:c9:fa:27:
85:48:ec:43:be:da:62:25:1c:f1:bc:03:36:3b:56:0e:90:4e:
70:d5:8a:8f:f1:bd:85:a9:f6:e7:13:b6:28:40:78:dd:cd:75:
4b:10:1b:09:7b:5a:40:91:3e:04:be:da:60:c2:fc:bb:91:ef:
85:fd:b5:b0:ea:6c:af:7f:94:a6:e4:c6:2c:04:1f:6e:ec:0b:
de:41:60:ba:4d:9a:43:4b:5e:58:23:5d:d0:a8:4e:89:89:4f:
cb:9f:25:3b:ec:44:ae:cf:a3:fc:32:cc:ca:8c:6d:dc:ea:c7:
30:1b:f9:6a:cb:bd:bb:14:f2:ce:38:79:41:ab:47:4e:db:23:
28:85:1c:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVrrr2DcGLBgVXOGjngrOaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMWRkNmVjNGEyZTFmMzc2Yzg1NWM1ODMxMjE5NWEwMDVj
ZGI4NTAwHhcNMjMwMTAxMDQ1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDY4NjlkNDZiYzJlNWZjNDVjOGI5ZWI3MjhmZmM3MDM3MDVjOGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5rOsrDew+eGyetMCimUAYkIyz5W
wkScv0/40f1MmHC1QGax5zNM88mmUp9e1VuHzOeKXSoN0eLOwMc6jDczj3fjgXKL
CvVGLzwAYp1aXfQ1OJ+NzFLXWTbM5RSasMsAv5Ph2AQFveUQq0Gc5w0IjmNGY11m
x2DaKFgPd4+yW4wmy/0Ab/sC4qCN15CgjF3ZtWACw3uQJtPoNqtONj4h+lB6COsU
bnrdoMFgE35336ZNU5Yd4A63LN38UuGSlU8AwNGdaPQRdDtBHoP9Ro3PVfYPeLkK
eURxnbk2MJbk+hmjhm/R0oYeLr26RK6h+CXOTkUIJ9MPonubeTvCWvtanQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF1oadRrwuX8Rci563KP/HA3BcixMB8GA1UdIwQY
MBaAFFwd1uxKLh83bIVcWDEhlaAFzbhQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEIzVzdFb3VIemRzaFZ4WU1TR1ZvQVhOdUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81ZTRjMjItY2ZkZS00ZGVkLWE1MjYt
Mzk2NzFlMGI2MjY2LzEvWFdocDFHdkM1ZnhGeUxucmNvXzhjRGNGeUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81ZTRjMjItY2ZkZS00ZGVkLWE1MjYtMzk2NzFlMGI2MjY2
LzEvWEIzVzdFb3VIemRzaFZ4WU1TR1ZvQVhOdUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFTp2gMA0E
AgACMAcDBQAqAtigMA0GCSqGSIb3DQEBCwUAA4IBAQBs2W9sXLIi98Pwezhvwe1B
bcbWnX3tXM/gYz3fQWEookjJwVF8BQkPQd+8Rfy4TR/oalP1FWyup9UL+Q0MNCjw
qehxFejKXooWAFVZJz1Obb1e4R+wJMMerpES42DcS4EruPNdKmhxPCe1Fc84/dHL
P/cAv8aACGKf5wjJ+ieFSOxDvtpiJRzxvAM2O1YOkE5w1YqP8b2FqfbnE7YoQHjd
zXVLEBsJe1pAkT4Evtpgwvy7ke+F/bWw6myvf5Sm5MYsBB9u7AveQWC6TZpDS15Y
I13QqE6JiU/LnyU77ESuz6P8MszKjG3c6scwG/lqy727FPLOOHlBq0dO2yMohRyR
-----END CERTIFICATE-----
Generated at Sat Apr 19 07:10:32 2025 by rpki-client